7aa578abcefc7084653a5585df9bdb8cf1d1b25c34be96a9197ccb85371fbf1a

Analysis

max time kernel
0s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 11:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a0229d675c9712649c7a0c025bac3bd.html
Size

132KB
MD5

6a0229d675c9712649c7a0c025bac3bd
SHA1

097d2b1ee63da9ab663a972aff214cc6eaf60474
SHA256

7aa578abcefc7084653a5585df9bdb8cf1d1b25c34be96a9197ccb85371fbf1a
SHA512

48dff2771dc3c352fd549da32a36d5f13b57767642b46b4c33fc5dedc6f95840d7e716dc17b84b8d2c49f55cec39890d629019cec9d5f91f55e1b78a7c7aaab8
SSDEEP

1536:doP+S4GWDuyQFvYIFkrft5aFMWS3QKZFuNrSfNxw8s7+cv5onV0mukgolo5:dFpLbX1lLaBv5onV0mukgolo5

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C0FB3E0E-AC87-11EE-AA35-6E02734BA6FD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4504	iexplore.exe
4504	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4504 wrote to memory of 3924	4504	iexplore.exe	16
PID 4504 wrote to memory of 3924	4504	iexplore.exe	16
PID 4504 wrote to memory of 3924	4504	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6a0229d675c9712649c7a0c025bac3bd.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4504
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4504 CREDAT:17410 /prefetch:2
  2⤵
  PID:3924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit